Reputation: 4232
Active Directory access denied exception on DirectoryEntry.Invoke ChangePassword
Following MVC web api code works without errors
directoryEntry.Invoke("SetPassword", "desired password");
directoryEntry.CommitChanges();
But same application/service account get an error when attempting
directoryEntry.Invoke("ChangePassword", "old password", "new password");
directoryEntry.CommitChanges();
Error details:
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Does invoking ChangePassword require different permissions that SetPassword?
Upvotes: 1
Views: 4791
Answers (2)
Reputation: 21
check your application pool identity user in IIS7 set the user which has the admin rights to change the AD password
you can find it under iis 7 >> application pools then select the application pool which your application using then right click on it and select advance setting then locate Process Model under this you will find Identity attribute here set the correct user which has admin rights
Upvotes: 2
Reputation: 107606
You might be getting the access denied error due to the "User cannot change password" setting flag being checked. Any users for which you want to allow their password to be changed will need that setting unchecked.
Upvotes: 3
Related Questions
- UnauthorizedAccessException: Access is denied when changing AD password
- System.UnauthorizedAccessException calling UserPrincipal.SetPassword
- UserPrincipal.ChangePassword Throwing PasswordException
- C# DirectoryEntry.Invoke Exception has been thrown by the target of an invocation. One or more input parameters are invalid
- C# Active Directory Invoke "ChangePassword" cannot contact domain
- Error on Password Change Of Active Directory User
- LDAP: Unable to Change Password
- LDAP SetPassword Access is Denied
- Access Denied when changing password in AD programmatically
- The ChangePassword invocation with DirectoryEntry object